Smart cards, also referred to as chip cards or integrated circuit cards, are devices with an embedded integrated circuit (such as a microprocessor and/or memory) for use as storage of sensitive data or user authentication. Smart cards may comprise memory for storing financial or personal data, or private data such as private keys used in the S/MIME (Secured Multipurpose Internet Mail Extensions) encryption technique. Preferably, some of this data may be secured using a PIN (personal identification number) or a password as an access control measure. In order to access the protected data stored in the card's memory, a user must be validated by providing the correct PIN or password.
Typically, the smart card does not include a data entry device for direct entry of a PIN or password for the purpose of user authentication. The smart card is typically used in conjunction with a smart card reader that is in communication with an input device. When the smart card is in communication with the smart card reader, a PIN or password may be provided in the clear by the user via the input device to the smart card reader. The reader may then pass the user-entered PIN or password on to the smart card for verification, so that the smart card can authenticate the user.
While this prior art smart card solution is satisfactory for hardware systems that are familiar to the user, such as smart card authentication systems used within a workplace environment where the smart card reader is trusted, such a system presents increased risk outside such environments where the hardware is not trusted. Because the PIN or password is provided by the user to the smart card reader in the clear, the smart card reader has access to this authentication information; the user does not know whether the smart card reader will retain a copy of the PIN or password, or pass the information on to an adversary.
Accordingly, it is desirable to provide a system and method for protecting the user's PIN or password at the time it is entered via the input device to ensure that such sensitive information is not captured or replicated by untrusted hardware.